-a 0100
0AE4:0100 ;-----------------------------------------------
0AE4:0100 ; Hex to Binary 16-bit ASM in debug.com syntax.
0AE4:0100 ; v0.2
0AE4:0100 ;
0AE4:0100 ; Joshua J. Drake <jduck [at] metasploit.com>
0AE4:0100 ;
0AE4:0100 ; References:
0AE4:0100 ; http://kipirvine.com/asm/debug/Debug_Tutorial.pdf
0AE4:0100 ; http://jakash3.wordpress.com/2010/02/20/file-operations-in-assembly-language/
0AE4:0100 ;-----------------------------------------------
0AE4:0100 ;
0AE4:0100 ; Entry point: execution starts here at offset 0100 (the image is written
0AE4:0100 ; out as h2b.com), so jump over the helper routines to main at 0197.
0AE4:0100 jmp 197       ;jmp main (jmp)
0AE4:0103 ;
0AE4:0103 ;exit_program:
0AE4:0103 ; Close the read and write handles, then terminate with errorlevel 0.
0AE4:0103 ; Does not return to the caller.
0AE4:0103 ; NOTE(review): both handle words are closed unconditionally; nothing in
0AE4:0103 ; this listing records whether the corresponding open succeeded.
0AE4:0103 ; close read file
0AE4:0103 mov bx,[1bd]  ;read_handle=1bd
0AE4:0107 call 131      ;call close_file
0AE4:010A ; close write file
0AE4:010A mov bx,[1cc]  ;write_handle=1cc
0AE4:010E call 131      ;call close_file
0AE4:0111 mov ax,4c00   ;Exit function (AL=Errorlevel to return)
0AE4:0114 int 21        ;Do it
0AE4:0116 ;
0AE4:0116 ;open_for_reading:
0AE4:0116 ; Open read_filename (ASCIIZ string at 1bf) read-only and store the value
0AE4:0116 ; returned in AX into read_handle (1bd).
0AE4:0116 ; NOTE(review): the carry flag is not tested after int 21. On failure DOS
0AE4:0116 ; returns an error code in AX, which is stored and later used as if it
0AE4:0116 ; were a handle (e.g. error 2, file not found, has the same value as the
0AE4:0116 ; stderr handle).
0AE4:0116 mov ah,3d     ;Open file function
0AE4:0118 mov al,00     ;Read-Only file access
0AE4:011A mov dx,1bf    ;read_filename=1bf
0AE4:011D int 21        ;Do it
0AE4:011F mov [1bd],ax  ;read_handle=1bd
0AE4:0122 ret
0AE4:0123 ;
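0AE4:0123 ;open_for_writing:
0AE4:0123 ; Create (or truncate) write_filename (ASCIIZ string at 1ce) and store the
0AE4:0123 ; value returned in AX into write_handle (1cc).
0AE4:0123 ; CX now carries 20h, the Archive attribute the comment always named; the
0AE4:0123 ; previous value 4 is the System attribute bit. The instruction keeps its
0AE4:0123 ; 3-byte encoding, so every later address is unchanged.
0AE4:0123 ; NOTE(review): the carry flag is not tested after int 21; on failure the
0AE4:0123 ; DOS error code in AX is stored as if it were a handle.
0AE4:0123 mov ah,3c     ;Create file function (truncates an existing file)
0AE4:0125 mov cx,20     ;Archive file attribute (20h)
0AE4:0128 mov dx,1ce    ;write_filename=1ce
0AE4:012B int 21        ;Do it
0AE4:012D mov [1cc],ax  ;write_handle=1cc
0AE4:0130 ret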
0AE4:0131 ;
0AE4:0131 ;close_file:
0AE4:0131 ; Close the file handle passed in BX. The result of the call is ignored.
0AE4:0131 mov ax,3e00   ;Close file function
0AE4:0134 int 21        ;Do it
0AE4:0136 ret
0AE4:0137 ;
0AE4:0137 ; read(*phR,0x200,0x100)
0AE4:0137 ;read_data:
0AE4:0137 ; Read up to 100h bytes from read_handle into the buffer at 0200 and
0AE4:0137 ; return the count in AX. When the count is 2 or less, flush the pending
0AE4:0137 ; output and exit the program instead of returning.
0AE4:0137 ; NOTE(review): "ja" is taken only when AX > 2, so a final read of exactly
0AE4:0137 ; 2 bytes ends the program although the comment below says 2 is enough;
0AE4:0137 ; a trailing read of 1 or 2 bytes is never converted.
0AE4:0137 ; NOTE(review): the carry flag is not tested after int 21, so a DOS error
0AE4:0137 ; code above 2 in AX would be treated as a byte count.
0AE4:0137 mov bx,[1bd]  ;read_handle=1bd
0AE4:013B mov ax,3f00   ;Read from file function
0AE4:013E mov cx,100    ;Request up to 256 (100h) bytes per call
0AE4:0141 mov dx,0200   ;Address of buffer to store bytes read
0AE4:0144 int 21        ;Do it
0AE4:0146 cmp ax,2      ;must have at least 2 bytes to continue
0AE4:0149 ja 151        ;ja have_enough (jmp)
0AE4:014B call 178      ;call write_data
0AE4:014E call 103      ;call exit_program (does not return)
0AE4:0151 ;have_enough:
0AE4:0151 ret
0AE4:0152 ;
0AE4:0152 ;convert_to_nibble: (al)
0AE4:0152 ; In:  AL = input character.
0AE4:0152 ; Out: AH = 00 and AL = value 0-15 when AL was a hex digit (either case);
0AE4:0152 ;      AH = FF otherwise, and AL is then not meaningful.
0AE4:0152 ; NOTE(review): "or al,20" sets bit 5 on every input, so bytes 10h-19h
0AE4:0152 ; become '0'-'9' and are accepted as the digits 0-9.
0AE4:0152 mov ah,0      ;no error
0AE4:0154 or al,20      ;lowercase the byte
0AE4:0156 sub al,30     ;is it in the 0-9 range?
0AE4:0158 cmp al,9
0AE4:015A jbe 164       ;jbe convert_success (jmp)
0AE4:015C sub al,31     ;if not, is it in the 0x61-0x66 range?
0AE4:015E cmp al,5      ;unsigned compare: bytes below 0x61 wrap to large values
0AE4:0160 ja 165        ;ja convert_error (jmp)
0AE4:0162 add al,a      ;yep, converted -> add 10 and return it
0AE4:0164 ;convert_success:
0AE4:0164 ret
0AE4:0165 ;convert_error:
0AE4:0165 mov ah,ff     ;return error
0AE4:0167 ret
0AE4:0168 ;
0AE4:0168 ;get_one_byte:
0AE4:0168 ; Return the next input byte in AL. BP holds the number of bytes left in
0AE4:0168 ; the read buffer and SI the read pointer; when BP is 0 the buffer is
0AE4:0168 ; refilled through read_data, which exits the program at end of input.
0AE4:0168 ; The refill resets SI only; the write pointer DI is left as it is.
0AE4:0168 ; NOTE(review): lodsb relies on the direction flag being clear; no cld is
0AE4:0168 ; issued anywhere in this listing.
0AE4:0168 cmp bp,0      ;see if we have bytes left
0AE4:016B jne 175       ;jne return_byte (jmp)
0AE4:016D call 137      ;call read_data
0AE4:0170 mov bp,ax     ;store bytes read in bp
0AE4:0172 mov si,200    ;reset src ptr
0AE4:0175 ;return_byte:
0AE4:0175 lodsb         ;al = [si], si advances
0AE4:0176 dec bp        ;one byte fewer left in the read buffer
0AE4:0177 ret
0AE4:0178 ;
0AE4:0178 ; write(*phW,0x300,di-0x300)
0AE4:0178 ;write_data:
0AE4:0178 ; Write the DI-0300 bytes accumulated in the buffer at 0300 to
0AE4:0178 ; write_handle. DI itself is not reset here; the caller does that.
0AE4:0178 ; NOTE(review): the result of the call (carry flag, bytes written in AX)
0AE4:0178 ; is not checked, so a failed or short write goes unnoticed.
0AE4:0178 mov cx,di     ;load dst ptr
0AE4:017A sub cx,300    ;convert to count
0AE4:017E mov bx,[1cc]  ;write_handle=1cc
0AE4:0182 mov ax,4000   ;Write to File function
0AE4:0185 mov dx,0300   ;Points to data to write
0AE4:0188 int 21        ;Do it
0AE4:018A ret
0AE4:018B ;
0AE4:018B ;get_nibble_or_die_trying:
0AE4:018B ; Fetch input bytes until one converts to a hex digit, then return its
0AE4:018B ; value in AL with AH = 0. Bytes that do not convert are skipped without
0AE4:018B ; any report. The only other way out is read_data ending the program at
0AE4:018B ; end of input.
0AE4:018B call 168      ;call get_one_byte
0AE4:018E call 152      ;call convert_to_nibble
0AE4:0191 cmp ah,0      ;check for error
0AE4:0194 jne 18b       ;jne get_nibble_or_die_trying (jmp)
0AE4:0196 ret
0AE4:0197 ;
0AE4:0197 ;
0AE4:0197 ;================================================================
0AE4:0197 ;
0AE4:0197 ;------
0AE4:0197 ;main:
0AE4:0197 ;------
0AE4:0197 ; Open both files, then turn pairs of hex digits from the input into bytes
0AE4:0197 ; in the write buffer at 0300. The program ends inside read_data once the
0AE4:0197 ; input is exhausted; this loop has no exit of its own.
0AE4:0197 ; Registers: BP = input bytes left, SI = read ptr, DI = write ptr.
0AE4:0197 ;
0AE4:0197 call 116      ;call open_for_reading
0AE4:019A call 123      ;call open_for_writing
0AE4:019D ;
0AE4:019D ;-----------------------------------------------
0AE4:019D ; loop, processing bytes, refilling when needed
0AE4:019D ;-----------------------------------------------
0AE4:019D ;
0AE4:019D ; init pre-loop
0AE4:019D mov bp,0      ;bytes left
0AE4:01A0 ;outer_loop:
0AE4:01A0 ; NOTE(review): this is the only place DI is reset, and it is reached only
0AE4:01A0 ; when BP is 0 right after a stosb. A refill inside get_one_byte (between
0AE4:01A0 ; the two nibbles, or while skipping non-hex bytes) does not come through
0AE4:01A0 ; here, and nothing compares DI against a limit, so the output written
0AE4:01A0 ; at 0300 upward is unbounded for such input. Flushing and resetting DI
0AE4:01A0 ; at a fixed size would bound it.
0AE4:01A0 mov di,300    ;write buf
0AE4:01A3 ;inner_loop:
0AE4:01A3 ;
0AE4:01A3 ; load the first byte (high nibble)
0AE4:01A3 call 18b      ;call get_nibble_or_die_trying
0AE4:01A6 ;
0AE4:01A6 ; save the nibble in ah -> stack
0AE4:01A6 ; (AX * 1000h leaves the nibble in the top four bits of AH; mul also
0AE4:01A6 ; overwrites DX)
0AE4:01A6 mov cx,1000
0AE4:01A9 mul cx
0AE4:01AB push ax
0AE4:01AC ;
0AE4:01AC ; load the second byte (low nibble)
0AE4:01AC call 18b      ;call get_nibble_or_die_trying
0AE4:01AF ;
0AE4:01AF ; combine the nibbles and save the result
0AE4:01AF pop dx        ;dh = high nibble shifted into bits 7-4
0AE4:01B0 or al,dh
0AE4:01B2 stosb         ;[di] = al, di advances
0AE4:01B3 ;
0AE4:01B3 ; if we're not done, process the next byte
0AE4:01B3 cmp bp, 0
0AE4:01B6 jne 1a3       ;jne inner_loop (jmp)
0AE4:01B8 ;
0AE4:01B8 ;
0AE4:01B8 ; flush output and try for more
0AE4:01B8 call 178      ;call write_data
0AE4:01BB jmp 1a0       ;jmp outer_loop (jmp)
0AE4:01BD ;
0AE4:01BD ; declare global data
0AE4:01BD ; The routines above refer to these items by absolute address (1bd, 1bf,
0AE4:01BD ; 1cc, 1ce), so any change in the length of the code or of a string here
0AE4:01BD ; means updating those operands as well.
0AE4:01BD ; Both file names are fixed, zero-terminated and carry no drive or path.
0AE4:01BD ;read_handle:
0AE4:01BD db 00,00
0AE4:01BF ;read_filename:
0AE4:01BF db "testfile.dat",00
0AE4:01CC ;write_handle:
0AE4:01CC db 00,00
0AE4:01CE ;write_filename:
0AE4:01CE db "testfile.out",00
0AE4:01DB ;
0AE4:01DB ; remainder is buffer space
0AE4:01DB ; (read_data fills from 0200, write_data flushes from 0300)
0AE4:01DB 
-r cx
CX 0000
:0400
-n h2b.com
-w
Writing 00400 bytes
-q
